Dropped Files | ZeroBOX
Name 7d2e866b9a6aa6a0_7oxv2cf7.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\7oxv2cf7.0.cs
Size 477.0B
Processes 3008 (powershell.exe)
Type C++ source, UTF-8 Unicode (with BOM) text, with very long lines
MD5 674e5197c57e85dd845c6ca967fa974b
SHA1 ef5287edd9fad83e13fe63b128a6075c31c1f143
SHA256 7d2e866b9a6aa6a0dc325075be2c8f2176656c0ce64cb08c4f8eced334fb14e6
CRC32 082C1ABB
ssdeep 6:V/DsYLDS81zuW01eMOJpNQXReKJ8SRHy4HqkPbMOxfkAwXKwwy:V/DTLDfuWOXfHmPeMAw6zy
Yara
  • Network_Downloader - File Downloader
Name e3b0c44298fc1c14_7oxv2cf7.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\7oxv2cf7.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 882df529b4e1ecc4_7oxv2cf7.dll
Filepath C:\Users\test22\AppData\Local\Temp\7oxv2cf7.dll
Size 3.5KB
Processes 2372 (csc.exe) 3008 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 6e51ebcb646094ef07cf7ba1ea12854a
SHA1 ad97b75de0c7e1b497661e7a60599d14dede0a2d
SHA256 882df529b4e1ecc4bfd504c97a209e97b041077f9c2f7392f1228c4eaf2450c2
CRC32 D6AAABD7
ssdeep 24:etGSNda2SEw17p6mgkbK1sXWnXUbdPtkZftAx4T14a/T6mI+ycuZhNaakSyPNnq:6K5GmlXEXMuJtAWTKa/F1ulaa3eq
Yara
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
Name f62c536b0d1f158f_RESAD34.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RESAD34.tmp
Size 1.2KB
Processes 2384 (cvtres.exe) 2372 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 cb13c72f50d53dcd292109a52afd8766
SHA1 731053b56e32a77cb18a70d86ba93de10d46df57
SHA256 f62c536b0d1f158f5207bce47d7ed1f31fd06a0a95f660afc0825a8a1392ad21
CRC32 CE45D603
ssdeep 24:HgJ9YernYemH9UnhKLI+ycuZhNaakSyPNnqjtd:RernXmKnhKL1ulaa3eqjH
Yara None matched
Name 44e8aa0601fffe82_590aee7bdd69b59b.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size 7.8KB
Processes 3008 (powershell.exe)
Type data
MD5 ee6cfd78f72f03663db2a7df0c696dd7
SHA1 56126e81a5f6577f8e24a890185d0c9eb600fa02
SHA256 44e8aa0601fffe82c494bbc7d7280aa3bc5e90effe2aee2d716d5716e1d6b568
CRC32 F27137C4
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCworu4tDHXyGlUVul:EtCgXoRtCgbHnorBTyY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name c19725e8492ed84b_7oxv2cf7.pdb
Filepath C:\Users\test22\AppData\Local\Temp\7oxv2cf7.pdb
Size 7.5KB
Processes 2372 (csc.exe) 3008 (powershell.exe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 7db70245a0b2323e3e7c907bb2ac37a4
SHA1 cd903573e1fb178d4157dea69beee95492dd8079
SHA256 c19725e8492ed84bbe38b04312a5d0db521db19be939d72e5f328d6c6f416ea6
CRC32 D97C7976
ssdeep 6:zz/BamfXllNS/XXn1mllxrS/77715KZYX214pMoGggksl/3YXBGQu+e0KWEi+:zz/H1W/H1SXS/pw6pMmqRi
Yara None matched
Name bb2abe29d279440a_CSCAC96.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSCAC96.tmp
Size 652.0B
Processes 2372 (csc.exe)
Type MSVC .res
MD5 e2cb7c0d604cbe7bc142ea1a98ed2755
SHA1 e368a689634c3f414d6c4632a44128ca4f1be94e
SHA256 bb2abe29d279440a1283b4da5a74b45b1451b4df6363658337b819367966f9ee
CRC32 484B3242
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grycak7YnqqyPN5Dlq5J:+RI+ycuZhNaakSyPNnqX
Yara None matched
Name 40677937a325f81d_7oxv2cf7.out
Filepath C:\Users\test22\AppData\Local\Temp\7oxv2cf7.out
Size 598.0B
Processes 3008 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 bd8c47d19338cc4701bab2599d14f313
SHA1 a99b570d4ac8878165d14327255bf864a663df1e
SHA256 40677937a325f81d281b6f79a58c077888f1c01655f6902024a93ac50f51a702
CRC32 7811E878
ssdeep 12:K4X/NzR37LvXOLMTLtQnPAE2xOLMTLE1Kai31bIKIMBj6I5BFR5y:KyNzd3BT+nIE2nTI1Kai31bIKIMl6I5G
Yara None matched
Name 012bbaeb2ad9caea_7oxv2cf7.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\7oxv2cf7.cmdline
Size 311.0B
Processes 3008 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 862296ce9e0cc38566527e0023c1c2d1
SHA1 95eaa21311222e00177a6e435e406a86e4224970
SHA256 012bbaeb2ad9caead677ba1172a42ee08d3fe4149e1f8f6505ede9d7daf9a333
CRC32 33F3CDBF
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fjXLtQmGsSAE2NmQpcLJ23fjXLEWH:p37LvXOLMTLtQnPAE2xOLMTLEA
Yara None matched